Archive for February 14th, 2012

As the widespread criticism of the SOPA/PIPA debacle began to subside with the indefinite shelving of the proposal, Congress continues to consider alternative methods for increasing cybersecurity that damage online privacy. The current draft of the Cybersecurity Information Sharing Act of 2012 attempts to create ‘cybersecurity exchanges’ through which federal agencies and private entities could share confidential information without being subject to laws protecting individual privacy. Jim Harper from the Cato Institute explains his reading of the bill:

Reading over the draft, I was struck by sweeping language purporting to create “affirmative authority to monitor and defend against cybersecurity threats.” To understand the strangeness of these words, we must start at the beginning:

We live in a free country where all that is not forbidden is allowed. There is no need in such a country for “affirmative” authority to act. So what does this section do as it purports to permit private and governmental entities to monitor their information systems, operate active defenses, and such? It sweeps aside nearly all other laws controlling them.

“Consistent with the Constitution of the United States and notwithstanding any other provision of law,” it says (emphasis added), entities may act to preserve the security of their systems. This means that the only law controlling their actions would be the Constitution.

It’s nice that the Constitution would apply, but the obligations in the Privacy Act of 1974 would not. The Electronic Communications Privacy Act would be void. Even the requirements of the E-Government Act of 2002, such as privacy impact assessments, would be swept aside.

The Constitution doesn’t constrain private actors, of course. This language would immunize them from liability under any and all regulation and under state or common law. Private actors would not be subject to suit for breaching contractual promises of confidentiality. They would not be liable for violating the privacy torts. Anything goes so long as one can make a claim to defending “information systems,” a term that refers to anything having to do with computers.

As Harper points out, the open-ended wording of this bill offers little protection for online privacy and essentially allows the government to act in ‘good faith’, without any significant limitations or mechanisms for accountability. This proposal is no better than SOPA or PIPA, which, if passed, would have enabled the government to shut down any websites containing links to online piracy websites where people could download illegal copies of music and movies.

As many have noted, there are good reasons for increased cybersecurity measures, such as safeguarding the nation’s water and power systems, which experts have warned are already susceptible to cyber attacks from hackers. Fears over cyber attacks on systems such as air traffic controllers certainly provide adequate reason for concern. However, improvements in these areas of cybersecurity may be accomplished without creating venues for unregulated sharing of personal information between federal and private entities. Even if preventing the establishment of these ‘cybersecurity exchanges’ increases susceptibility to cyber attacks, that alone is not sufficient grounds for restricting Americans’ liberties under the First and Fourth Amendments protecting free expression and individual privacy.

The bill was introduced into Congress today and is supported by top members of the Senate Commerce, Intelligence, and Homeland Security Committees, among other members of Congress.

A recent study released by The Sentencing Project analyzes the rapid growth of the private prison industry in the United States between 1999 and 2010. Privatization is intended to create greater economic efficiency, but there is little evidence that this goal has been achieved:

Private prisons supporters assert that the private sector saves resources through greater efficiencies. These claims are supported by some reports showing that private prisons produce cost savings, largely through lower salaries and benefits by employing mostly nonunion employees. It is also argued that governments can benefit in the short term through the direct sale of correctional facilities to private companies and can save money when constructing new facilities through public-private initiatives, rather than solely through government funding. However, studies have shown these benefits to be mostly illusory.

The economic benefits have not materialized, but according to a November report released by the American Civil Liberties Union (ACLU) there are very real costs:

While evidence is mixed, certain empirical studies show a heightened level of violence against prisoners in private institutions. This may reflect in part the higher rate of staff turnover in private prisons, which can result in inexperienced guards walking the tiers. After an infamous escape from an Arizona private prison in 2010, for example, the Arizona Department of Corrections reported that at the prison, “[s]taff are fairly ‘green’ across all shifts,” “are not proficient with weapons,” and habitually ignore sounding alarms. Private facilities have also been linked to atrocious conditions. In a juvenile facility in Texas, for example, auditors reported, “[c]ells were filthy, smelled of feces and urine.”